IE bypasses Zonealarm

A

Antonicus

I have Zonealarm Version 7 and use Opera and Firefox exclusively on
XP.

However recently I brought up the IE browser which is hidden in
Wordpad. ( Click Help Topics in Wordpad, Click the Question Mark top
left and click jump to URL)

I was able to connect to www.aliceinvideoland.co.nz and use its
search functions( even though there was a specific block on " Mobile
code" Zonealarms name for a mix of Javascript, vbscript, Java and
Active X)

Opera and Firefox were unable to get through this block to operate the
search function as one would expect.

When this block was removed Firefox and Opera could then access the
site to use the search function.

This implies that this embedded IE is able to do an end run around
firewalls even though the Firewall is specifically set to black code
from a specific site.

I must admit to be most unpleasantly surprised when IE broke security
in this fashion.
 
P

PA Bear

Now pull the other one.

Antonicus wrote:
> I have Zonealarm Version 7 and use Opera and Firefox exclusively on
> XP.
>
> However recently I brought up the IE browser which is hidden in
> Wordpad. ( Click Help Topics in Wordpad, Click the Question Mark top
> left and click jump to URL)
>
> I was able to connect to www.aliceinvideoland.co.nz and use its
> search functions( even though there was a specific block on " Mobile
> code" Zonealarms name for a mix of Javascript, vbscript, Java and
> Active X)
>
> Opera and Firefox were unable to get through this block to operate the
> search function as one would expect.
>
> When this block was removed Firefox and Opera could then access the
> site to use the search function.
>
> This implies that this embedded IE is able to do an end run around
> firewalls even though the Firewall is specifically set to black code
> from a specific site.
>
> I must admit to be most unpleasantly surprised when IE broke security
> in this fashion.
 
A

Antonicus

Would you like to come over and try for yourself? Flights are cheap at
present.

Antonicus

On Aug 28, 6:17 pm, "PA Bear" <PABear...@gmail.com> wrote:
> Now pull the other one.
>
> Antonicus wrote:
> > I have Zonealarm Version 7 and use Opera and Firefox exclusively on
> > XP.
>
 
J

jwgoerlich@gmail.com

It is actually Microsoft HTML Help Executable (hh.exe) rather than
Wordpad or Internet Explorer that is bypassing your security settings.
You can verify this by opening any compiled help (*.chm) file. I had
not known that this could be used to bypass Zonealarm, but it has long
been a security concern in Citrix/Terminal Services environments.

Regards,

J Wolfgang Goerlich

On Aug 28, 1:48 am, Antonicus <anthonyleal...@gmail.com> wrote:
> I have Zonealarm Version 7 and use Opera and Firefox exclusively on
> XP.
>
> However recently I brought up the IE browser which is hidden in
> Wordpad. ( Click Help Topics in Wordpad, Click the Question Mark top
> left and click jump to URL)
>
> I was able to connect towww.aliceinvideoland.co.nz and use its
> search functions( even though there was a specific block on " Mobile
> code" Zonealarms name for a mix of Javascript, vbscript, Java and
> Active X)
>
> Opera and Firefox were unable to get through this block to operate the
> search function as one would expect.
>
> When this block was removed Firefox and Opera could then access the
> site to use the search function.
>
> This implies that this embedded IE is able to do an end run around
> firewalls even though the Firewall is specifically set to black code
> from a specific site.
>
> I must admit to be most unpleasantly surprised when IE broke security
> in this fashion.
 
P

PA Bear

Oh, now I understand what...

>> However recently I brought up the IE browser which is hidden in
>> Wordpad. ( Click Help Topics in Wordpad, Click the Question Mark top
>> left and click jump to URL)

....means! Thanks. You're CystalBall was working better than mine. <w>
--
~PA Bear

jwgoerlich@gmail.com wrote:
> It is actually Microsoft HTML Help Executable (hh.exe) rather than
> Wordpad or Internet Explorer that is bypassing your security settings.
> You can verify this by opening any compiled help (*.chm) file. I had
> not known that this could be used to bypass Zonealarm, but it has long
> been a security concern in Citrix/Terminal Services environments.
>
> Regards,
>
> J Wolfgang Goerlich
>
> On Aug 28, 1:48 am, Antonicus <anthonyleal...@gmail.com> wrote:
>> I have Zonealarm Version 7 and use Opera and Firefox exclusively on
>> XP.
>>
>> However recently I brought up the IE browser which is hidden in
>> Wordpad. ( Click Help Topics in Wordpad, Click the Question Mark top
>> left and click jump to URL)
>>
>> I was able to connect towww.aliceinvideoland.co.nz and use its
>> search functions( even though there was a specific block on " Mobile
>> code" Zonealarms name for a mix of Javascript, vbscript, Java and
>> Active X)
>>
>> Opera and Firefox were unable to get through this block to operate the
>> search function as one would expect.
>>
>> When this block was removed Firefox and Opera could then access the
>> site to use the search function.
>>
>> This implies that this embedded IE is able to do an end run around
>> firewalls even though the Firewall is specifically set to black code
>> from a specific site.
>>
>> I must admit to be most unpleasantly surprised when IE broke security
>> in this fashion.
 
A

Antonicus

Thanks ever so Wolfgang. I have others who will be able to follow up
your directions on this.


Cheers
Anthony
 
You must log in or register to reply here.

Similar threads

M
ERR_SSL_PROTOCOL_ERROR - This site can’t provide a secure connection error
Replies
0
Views
18
mtyler77
M
M
ERR_SSL_PROTOCOL_ERROR - This site can’t provide a secure connection error
Replies
0
Views
25
mtyler77
M
P
Windows 10 Location & Geolocation
Replies
0
Views
53
philip starley
P
M
Ongoing issues with windows 10 not properly removing bluetooth headset when clicking the remove device button
Replies
0
Views
57
Mike Loeven
M
X
MS Edge: change what appears when you place mouse in location bar
Replies
0
Views
91
xprt007
X
Back
Top Bottom